@things-factory/auth-base 4.3.563 → 4.3.582

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist-server/controllers/reset-password.js +0 -1
  2. package/dist-server/controllers/reset-password.js.map +1 -1
  3. package/dist-server/controllers/signup.js +64 -2
  4. package/dist-server/controllers/signup.js.map +1 -1
  5. package/dist-server/templates/reset-password-email.js +1 -4
  6. package/dist-server/templates/reset-password-email.js.map +1 -1
  7. package/package.json +2 -2
  8. package/server/controllers/reset-password.ts +0 -1
  9. package/server/controllers/signup.ts +76 -1
  10. package/server/templates/reset-password-email.ts +1 -4
package/dist-server/controllers/reset-password.js CHANGED
@@ -25,7 +25,6 @@ async function sendPasswordResetEmail({ user, context }) {
25
25
  receiver: user.email,
26
26
  subject: 'Reset your password',
27
27
  content: (0, reset_password_email_1.getResetPasswordEmailForm)({
28
- name: user.name,
29
28
  resetUrl: serviceUrl
30
29
  })
31
30
  });
package/dist-server/controllers/reset-password.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"reset-password.js","sourceRoot":"","sources":["../../server/controllers/reset-password.ts"],"names":[],"mappings":";;;AAAA,2DAAsD;AACtD,qCAAuC;AACvC,6BAAyB;AACzB,+CAAuD;AACvD,yFAA2G;AAC3G,mFAA8E;AAC9E,4EAA6E;AAC7E,6EAAuE;AACvE,6EAAuE;AACvE,6CAA4C;AAC5C,wDAA4D;AAC5D,qDAAgD;AAEhD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,OAAO,CAAA;AACnE,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,yCAAyC,CAAC,CAAA;AAElE,KAAK,UAAU,sBAAsB,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE;IAC5D,IAAI;QACF,IAAI,KAAK,GAAG,IAAA,+CAAqB,GAAE,CAAA;QACnC,IAAI,WAAW,GAAG,MAAM,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,0CAAqB,CAAC,cAAc,CAAC,CAAA;QAEnG,IAAI,WAAW,EAAE;YACf,IAAI,UAAU,GAAG,IAAI,SAAG,CAAC,8BAA8B,KAAK,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;YACvF,MAAM,IAAA,sBAAS,EAAC;gBACd,QAAQ,EAAE,IAAI,CAAC,KAAK;gBACpB,OAAO,EAAE,qBAAqB;gBAC9B,OAAO,EAAE,IAAA,gDAAyB,EAAC;oBACjC,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,QAAQ,EAAE,UAAU;iBACrB,CAAC;aACH,CAAC,CAAA;YAEF,OAAO,IAAI,CAAA;SACZ;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,KAAK,CAAA;KACb;AACH,CAAC;AArBD,wDAqBC;AAEM,KAAK,UAAU,aAAa,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO;IAC1D,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAErB,MAAM,iBAAiB,GAAG,MAAM,IAAA,uBAAa,EAAC,sCAAiB,CAAC,CAAC,OAAO,CAAC;QACvE,KAAK,EAAE;YACL,KAAK;YACL,IAAI,EAAE,0CAAqB,CAAC,cAAc;SAC3C;KACF,CAAC,CAAA;IAEF,IAAI,CAAC,iBAAiB,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,iCAAiC,CAAC,CAAC,CAAA;KACtD;IAED,MAAM,EAAE,MAAM,EAAE,GAAG,iBAAiB,CAAA;IACpC,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,iCAAiC,CAAC,CAAC,CAAA;KACtD;IAED,IAAI,IAAI,GAAG,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IACpD,IAAI,CAAC,IAAI,EAAE;QACT,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAA;KAC3C;IAED,4CAA4C;IAC5C,6CAA6C;IAC7C,IAAI;IAEJ,6CAA6C;IAC7C,WAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,GAAG,CAAC,CAAA;IAEnD,IAAI,CAAC,QAAQ,GAAG,WAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhD,IAAI,YAAY,GAAG,CAAC,EAAE;QACpB,IAAI,eAAe,GAAoB,MAAM,IAAA,uBAAa,EAAC,kCAAe,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC5F,IAAI,OAAO,GAAG,EAAE,CAAA;QAEhB,IAAI,eAAe,EAAE;YACnB,IAAI;gBACF,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAA;gBAC7C,IAAI,CAAC,CAAC,OAAO,YAAY,KAAK,CAAC,EAAE;oBAC/B,KAAK,CAAC,iDAAiD,CAAC,CAAA;oBACxD,OAAO,GAAG,EAAE,CAAA;iBACb;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,KAAK,CAAC,8CAA8C,CAAC,CAAA;aACtD;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBACpD,OAAO,WAAI,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAA;YAClD,CAAC,CAAC,CAAA;YAEF,IAAI,KAAK,EAAE;gBACT,MAAM,IAAI,sBAAS,CAAC;oBAClB,SAAS,EAAE,+BAAkB;iBAC9B,CAAC,CAAA;aACH;SACF;KACF;IAED,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACzB,IAAI,KACP,iBAAiB,EAAE,IAAI,IAAI,EAAE,IAC7B,CAAA;IAEF,MAAM,IAAA,uBAAa,EAAC,sCAAiB,CAAC,CAAC,MAAM,CAAC;QAC5C,MAAM;QACN,KAAK;QACL,IAAI,EAAE,0CAAqB,CAAC,cAAc;KAC3C,CAAC,CAAA;IAEF,IAAI,YAAY,GAAG,CAAC,EAAE;QACpB,OAAO,GAAG;YACR;gBACE,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB;YACD,GAAG,OAAO;SACX,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAA;QAExB,MAAM,IAAA,uBAAa,EAAC,kCAAe,CAAC,CAAC,IAAI,CAAC;YACxC,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SACjC,CAAC,CAAA;QAEF,KAAK,CAAC,0BAA0B,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;KAClD;AACH,CAAC;AAvFD,sCAuFC"}
1
+ {"version":3,"file":"reset-password.js","sourceRoot":"","sources":["../../server/controllers/reset-password.ts"],"names":[],"mappings":";;;AAAA,2DAAsD;AACtD,qCAAuC;AACvC,6BAAyB;AACzB,+CAAuD;AACvD,yFAA2G;AAC3G,mFAA8E;AAC9E,4EAA6E;AAC7E,6EAAuE;AACvE,6EAAuE;AACvE,6CAA4C;AAC5C,wDAA4D;AAC5D,qDAAgD;AAEhD,MAAM,YAAY,GAAG,YAAM,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,OAAO,CAAA;AACnE,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,yCAAyC,CAAC,CAAA;AAElE,KAAK,UAAU,sBAAsB,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE;IAC5D,IAAI;QACF,IAAI,KAAK,GAAG,IAAA,+CAAqB,GAAE,CAAA;QACnC,IAAI,WAAW,GAAG,MAAM,IAAA,+CAAqB,EAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,0CAAqB,CAAC,cAAc,CAAC,CAAA;QAEnG,IAAI,WAAW,EAAE;YACf,IAAI,UAAU,GAAG,IAAI,SAAG,CAAC,8BAA8B,KAAK,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;YACvF,MAAM,IAAA,sBAAS,EAAC;gBACd,QAAQ,EAAE,IAAI,CAAC,KAAK;gBACpB,OAAO,EAAE,qBAAqB;gBAC9B,OAAO,EAAE,IAAA,gDAAyB,EAAC;oBACjC,QAAQ,EAAE,UAAU;iBACrB,CAAC;aACH,CAAC,CAAA;YAEF,OAAO,IAAI,CAAA;SACZ;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,KAAK,CAAA;KACb;AACH,CAAC;AApBD,wDAoBC;AAEM,KAAK,UAAU,aAAa,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO;IAC1D,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAA;IAErB,MAAM,iBAAiB,GAAG,MAAM,IAAA,uBAAa,EAAC,sCAAiB,CAAC,CAAC,OAAO,CAAC;QACvE,KAAK,EAAE;YACL,KAAK;YACL,IAAI,EAAE,0CAAqB,CAAC,cAAc;SAC3C;KACF,CAAC,CAAA;IAEF,IAAI,CAAC,iBAAiB,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,iCAAiC,CAAC,CAAC,CAAA;KACtD;IAED,MAAM,EAAE,MAAM,EAAE,GAAG,iBAAiB,CAAA;IACpC,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,iCAAiC,CAAC,CAAC,CAAA;KACtD;IAED,IAAI,IAAI,GAAG,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IACpD,IAAI,CAAC,IAAI,EAAE;QACT,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAA;KAC3C;IAED,4CAA4C;IAC5C,6CAA6C;IAC7C,IAAI;IAEJ,6CAA6C;IAC7C,WAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,GAAG,CAAC,CAAA;IAEnD,IAAI,CAAC,QAAQ,GAAG,WAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhD,IAAI,YAAY,GAAG,CAAC,EAAE;QACpB,IAAI,eAAe,GAAoB,MAAM,IAAA,uBAAa,EAAC,kCAAe,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC5F,IAAI,OAAO,GAAG,EAAE,CAAA;QAEhB,IAAI,eAAe,EAAE;YACnB,IAAI;gBACF,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAA;gBAC7C,IAAI,CAAC,CAAC,OAAO,YAAY,KAAK,CAAC,EAAE;oBAC/B,KAAK,CAAC,iDAAiD,CAAC,CAAA;oBACxD,OAAO,GAAG,EAAE,CAAA;iBACb;aACF;YAAC,OAAO,CAAC,EAAE;gBACV,KAAK,CAAC,8CAA8C,CAAC,CAAA;aACtD;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;gBACpD,OAAO,WAAI,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAA;YAClD,CAAC,CAAC,CAAA;YAEF,IAAI,KAAK,EAAE;gBACT,MAAM,IAAI,sBAAS,CAAC;oBAClB,SAAS,EAAE,+BAAkB;iBAC9B,CAAC,CAAA;aACH;SACF;KACF;IAED,MAAM,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAC,IAAI,iCACzB,IAAI,KACP,iBAAiB,EAAE,IAAI,IAAI,EAAE,IAC7B,CAAA;IAEF,MAAM,IAAA,uBAAa,EAAC,sCAAiB,CAAC,CAAC,MAAM,CAAC;QAC5C,MAAM;QACN,KAAK;QACL,IAAI,EAAE,0CAAqB,CAAC,cAAc;KAC3C,CAAC,CAAA;IAEF,IAAI,YAAY,GAAG,CAAC,EAAE;QACpB,OAAO,GAAG;YACR;gBACE,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB;YACD,GAAG,OAAO;SACX,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAA;QAExB,MAAM,IAAA,uBAAa,EAAC,kCAAe,CAAC,CAAC,IAAI,CAAC;YACxC,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SACjC,CAAC,CAAA;QAEF,KAAK,CAAC,0BAA0B,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;KAClD;AACH,CAAC;AAvFD,sCAuFC"}
package/dist-server/controllers/signup.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.signup = void 0;
3
+ exports.UsernameValidator = exports.UsernameValidationError = exports.signup = void 0;
4
4
  const typeorm_1 = require("typeorm");
5
5
  const user_1 = require("../service/user/user");
6
6
  const verification_1 = require("./verification");
@@ -8,7 +8,8 @@ const signin_1 = require("./signin");
8
8
  const auth_error_1 = require("../errors/auth-error");
9
9
  const error_code_1 = require("../constants/error-code");
10
10
  async function signup(attrs, withEmailVerification) {
11
- const { email, password, domain, context } = attrs;
11
+ const { email, password, domain, context, name } = attrs;
12
+ UsernameValidator.validate(name);
12
13
  /* check if password is following the rule */
13
14
  user_1.User.validatePasswordByRule(password, context.lng);
14
15
  const repository = (0, typeorm_1.getRepository)(user_1.User);
@@ -40,4 +41,65 @@ async function signup(attrs, withEmailVerification) {
40
41
  }
41
42
  }
42
43
  exports.signup = signup;
44
+ class UsernameValidationError extends Error {
45
+ constructor(message) {
46
+ super(message);
47
+ this.name = 'UsernameValidationError';
48
+ }
49
+ }
50
+ exports.UsernameValidationError = UsernameValidationError;
51
+ class UsernameValidator {
52
+ static validate(username) {
53
+ // Check for empty or whitespace
54
+ if (!username || username.trim() === '') {
55
+ throw new UsernameValidationError('Invalid username.');
56
+ }
57
+ // Check length
58
+ if (username.length < this.MIN_LENGTH || username.length > this.MAX_LENGTH) {
59
+ throw new UsernameValidationError('Invalid username.');
60
+ }
61
+ // Check character set
62
+ if (!this.USERNAME_REGEX.test(username)) {
63
+ throw new UsernameValidationError('Invalid username.');
64
+ }
65
+ // Check word length
66
+ if (username.split('-').some(word => word.length > this.MAX_WORD_LENGTH)) {
67
+ throw new UsernameValidationError('Invalid username.');
68
+ }
69
+ // Check reserved words
70
+ if (this.RESERVED_USERNAMES.includes(username.toLowerCase())) {
71
+ throw new UsernameValidationError('Invalid username.');
72
+ }
73
+ // Check bad words
74
+ if (this.BAD_WORDS.some(word => username.toLowerCase().includes(word))) {
75
+ throw new UsernameValidationError('Invalid username.');
76
+ }
77
+ // Check repetitive patterns
78
+ if (this.REPETITIVE_PATTERN.test(username)) {
79
+ throw new UsernameValidationError('Invalid username.');
80
+ }
81
+ // Check numeric sequences
82
+ if (this.NUMERIC_SEQUENCE.test(username)) {
83
+ throw new UsernameValidationError('Invalid username.');
84
+ }
85
+ // Check for links
86
+ const urlPattern = /https?:\/\/[^\s]+/;
87
+ if (urlPattern.test(username)) {
88
+ throw new UsernameValidationError('Invalid username.');
89
+ }
90
+ }
91
+ }
92
+ exports.UsernameValidator = UsernameValidator;
93
+ UsernameValidator.MIN_LENGTH = 3;
94
+ UsernameValidator.MAX_LENGTH = 50;
95
+ UsernameValidator.MAX_WORD_LENGTH = 20;
96
+ UsernameValidator.USERNAME_REGEX = /^[a-zA-Z0-9_-]+$/;
97
+ UsernameValidator.REPETITIVE_PATTERN = /(\w)\1{3,}/;
98
+ UsernameValidator.NUMERIC_SEQUENCE = /[0-9]{6,}/;
99
+ UsernameValidator.RESERVED_USERNAMES = [
100
+ 'root', 'admin', 'system', 'user', 'administrator', 'superuser'
101
+ ];
102
+ UsernameValidator.BAD_WORDS = [
103
+ 'spam', 'test', 'sex', 'free', '123', 'fuck', 'shit', 'winning', 'bet', 'game'
104
+ ];
43
105
  //# sourceMappingURL=signup.js.map
package/dist-server/controllers/signup.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"signup.js","sourceRoot":"","sources":["../../server/controllers/signup.ts"],"names":[],"mappings":";;;AAAA,qCAAuC;AACvC,+CAA2C;AAC3C,iDAAsD;AACtD,qCAAiC;AACjC,qDAAgD;AAChD,wDAAyD;AAElD,KAAK,UAAU,MAAM,CAAC,KAAK,EAAE,qBAA+B;IACjE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAA;IAElD,6CAA6C;IAC7C,WAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;IAElD,MAAM,UAAU,GAAG,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAA;IACtC,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,CAAA;IAC/C,IAAI,GAAG,EAAE;QACP,MAAM,IAAI,sBAAS,CAAC;YAClB,SAAS,EAAE,4BAAe;SAC3B,CAAC,CAAA;KACH;IAED,MAAM,IAAI,GAAG,WAAI,CAAC,YAAY,EAAE,CAAA;IAEhC,IAAI,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,+BAC9B,QAAQ,EAAE,MAAM,IACb,KAAK,KACR,IAAI,EACJ,QAAQ,EAAE,WAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,EACrC,iBAAiB,EAAE,IAAI,IAAI,EAAE,EAC7B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,IAC/B,CAAA;IAEF,IAAI,OAAO,GAAG,KAAK,CAAA;IACnB,IAAI,qBAAqB,EAAE;QACzB,OAAO,GAAG,MAAM,IAAA,oCAAqB,EAAC;YACpC,OAAO;YACP,IAAI;SACL,CAAC,CAAA;KACH;IAED,IAAI;QACF,OAAO;YACL,KAAK,EAAE,MAAM,IAAA,eAAM,EACjB;gBACE,KAAK;gBACL,QAAQ;aACT,EACD,EAAE,MAAM,EAAE,CACX;SACF,CAAA;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;KACvB;AACH,CAAC;AA9CD,wBA8CC"}
1
+ {"version":3,"file":"signup.js","sourceRoot":"","sources":["../../server/controllers/signup.ts"],"names":[],"mappings":";;;AAAA,qCAAuC;AACvC,+CAA2C;AAC3C,iDAAsD;AACtD,qCAAiC;AACjC,qDAAgD;AAChD,wDAAyD;AAElD,KAAK,UAAU,MAAM,CAAC,KAAK,EAAE,qBAA+B;IACjE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,CAAA;IAExD,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IAEhC,6CAA6C;IAC7C,WAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;IAElD,MAAM,UAAU,GAAG,IAAA,uBAAa,EAAC,WAAI,CAAC,CAAA;IACtC,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,CAAA;IAC/C,IAAI,GAAG,EAAE;QACP,MAAM,IAAI,sBAAS,CAAC;YAClB,SAAS,EAAE,4BAAe;SAC3B,CAAC,CAAA;KACH;IAED,MAAM,IAAI,GAAG,WAAI,CAAC,YAAY,EAAE,CAAA;IAEhC,IAAI,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,+BAC9B,QAAQ,EAAE,MAAM,IACb,KAAK,KACR,IAAI,EACJ,QAAQ,EAAE,WAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,EACrC,iBAAiB,EAAE,IAAI,IAAI,EAAE,EAC7B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,IAC/B,CAAA;IAEF,IAAI,OAAO,GAAG,KAAK,CAAA;IACnB,IAAI,qBAAqB,EAAE;QACzB,OAAO,GAAG,MAAM,IAAA,oCAAqB,EAAC;YACpC,OAAO;YACP,IAAI;SACL,CAAC,CAAA;KACH;IAED,IAAI;QACF,OAAO;YACL,KAAK,EAAE,MAAM,IAAA,eAAM,EACjB;gBACE,KAAK;gBACL,QAAQ;aACT,EACD,EAAE,MAAM,EAAE,CACX;SACF,CAAA;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;KACvB;AACH,CAAC;AAhDD,wBAgDC;AAGD,MAAa,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AALD,0DAKC;AAED,MAAa,iBAAiB;IAgB5B,MAAM,CAAC,QAAQ,CAAC,QAAgB;QAC9B,gCAAgC;QAChC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YACvC,MAAM,IAAI,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;SACxD;QAED,eAAe;QACf,IAAI,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,IAAI,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE;YAC1E,MAAM,IAAI,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;SACxD;QAED,sBAAsB;QACtB,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YACvC,MAAM,IAAI,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;SACxD;QAED,oBAAoB;QACpB,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,EAAE;YACxE,MAAM,IAAI,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;SACxD;QAED,uBAAuB;QACvB,IAAI,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,EAAE;YAC5D,MAAM,IAAI,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;SACxD;QAED,kBAAkB;QAClB,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE;YACtE,MAAM,IAAI,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;SACxD;QAED,4BAA4B;QAC5B,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC1C,MAAM,IAAI,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;SACxD;QAED,0BAA0B;QAC1B,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YACxC,MAAM,IAAI,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;SACxD;QAED,kBAAkB;QAClB,MAAM,UAAU,GAAG,mBAAmB,CAAC;QACvC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC7B,MAAM,IAAI,uBAAuB,CAAC,mBAAmB,CAAC,CAAC;SACxD;IACH,CAAC;;AA9DH,8CA+DC;AA9DyB,4BAAU,GAAG,CAAC,CAAC;AACf,4BAAU,GAAG,EAAE,CAAC;AAChB,iCAAe,GAAG,EAAE,CAAC;AACrB,gCAAc,GAAG,kBAAkB,CAAC;AACpC,oCAAkB,GAAG,YAAY,CAAC;AAClC,kCAAgB,GAAG,WAAW,CAAC;AAE/B,oCAAkB,GAAG;IAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,WAAW;CAChE,CAAC;AAEsB,2BAAS,GAAG;IAClC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM;CAC/E,CAAC"}
package/dist-server/templates/reset-password-email.js CHANGED
@@ -1,7 +1,7 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.getResetPasswordEmailForm = void 0;
4
- function getResetPasswordEmailForm({ name, resetUrl }) {
4
+ function getResetPasswordEmailForm({ resetUrl }) {
5
5
  return `
6
6
  <html lang="en">
7
7
  <head>
@@ -32,9 +32,6 @@ function getResetPasswordEmailForm({ name, resetUrl }) {
32
32
  src="http://www.hatiolab.com/assets/img/icon-mail.png"
33
33
  style="float:left;margin:0 10px 0 40px"
34
34
  />
35
- <span style="display:block;color:#fff;font-size:20px"
36
- >Hi ${name}!</span
37
- >
38
35
  <span style="display:block;color:#fff;font-size:34px;font-weight:bold"
39
36
  >Reset password</span
40
37
  >
package/dist-server/templates/reset-password-email.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"reset-password-email.js","sourceRoot":"","sources":["../../server/templates/reset-password-email.ts"],"names":[],"mappings":";;;AAAA,SAAgB,yBAAyB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE;IAC1D,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA+BS,IAAI;;;;;;;;;;;;;oBAaF,QAAQ;;;;;;;;;;;;;;;;;GAiBzB,CAAA;AACH,CAAC;AA/DD,8DA+DC"}
1
+ {"version":3,"file":"reset-password-email.js","sourceRoot":"","sources":["../../server/templates/reset-password-email.ts"],"names":[],"mappings":";;;AAAA,SAAgB,yBAAyB,CAAC,EAAE,QAAQ,EAAE;IACpD,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAyCW,QAAQ;;;;;;;;;;;;;;;;;GAiBzB,CAAA;AACH,CAAC;AA5DD,8DA4DC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@things-factory/auth-base",
3
- "version": "4.3.563",
3
+ "version": "4.3.582",
4
4
  "main": "dist-server/index.js",
5
5
  "browser": "client/index.js",
6
6
  "things-factory": true,
@@ -40,5 +40,5 @@
40
40
  "passport-local": "^1.0.0",
41
41
  "uuid": "^3.4.0"
42
42
  },
43
- "gitHead": "6d56d68332b0b0b9ce496bbfda1c10e837e61e5b"
43
+ "gitHead": "00d138f3862bca8dd019dc457eaff707d38b6b60"
44
44
  }
package/server/controllers/reset-password.ts CHANGED
@@ -25,7 +25,6 @@ export async function sendPasswordResetEmail({ user, context }) {
25
25
  receiver: user.email,
26
26
  subject: 'Reset your password',
27
27
  content: getResetPasswordEmailForm({
28
- name: user.name,
29
28
  resetUrl: serviceUrl
30
29
  })
31
30
  })
package/server/controllers/signup.ts CHANGED
@@ -6,7 +6,9 @@ import { AuthError } from '../errors/auth-error'
6
6
  import { USER_DUPLICATED } from '../constants/error-code'
7
7
 
8
8
  export async function signup(attrs, withEmailVerification?: Boolean) {
9
- const { email, password, domain, context } = attrs
9
+ const { email, password, domain, context, name } = attrs
10
+
11
+ UsernameValidator.validate(name)
10
12
 
11
13
  /* check if password is following the rule */
12
14
  User.validatePasswordByRule(password, context.lng)
@@ -52,3 +54,76 @@ export async function signup(attrs, withEmailVerification?: Boolean) {
52
54
  return { token: null }
53
55
  }
54
56
  }
57
+
58
+
59
+ export class UsernameValidationError extends Error {
60
+ constructor(message: string) {
61
+ super(message);
62
+ this.name = 'UsernameValidationError';
63
+ }
64
+ }
65
+
66
+ export class UsernameValidator {
67
+ private static readonly MIN_LENGTH = 3;
68
+ private static readonly MAX_LENGTH = 50;
69
+ private static readonly MAX_WORD_LENGTH = 20;
70
+ private static readonly USERNAME_REGEX = /^[a-zA-Z0-9_-]+$/;
71
+ private static readonly REPETITIVE_PATTERN = /(\w)\1{3,}/;
72
+ private static readonly NUMERIC_SEQUENCE = /[0-9]{6,}/;
73
+
74
+ private static readonly RESERVED_USERNAMES = [
75
+ 'root', 'admin', 'system', 'user', 'administrator', 'superuser'
76
+ ];
77
+
78
+ private static readonly BAD_WORDS = [
79
+ 'spam', 'test', 'sex', 'free', '123', 'fuck', 'shit', 'winning', 'bet', 'game'
80
+ ];
81
+
82
+ static validate(username: string): void {
83
+ // Check for empty or whitespace
84
+ if (!username || username.trim() === '') {
85
+ throw new UsernameValidationError('Invalid username.');
86
+ }
87
+
88
+ // Check length
89
+ if (username.length < this.MIN_LENGTH || username.length > this.MAX_LENGTH) {
90
+ throw new UsernameValidationError('Invalid username.');
91
+ }
92
+
93
+ // Check character set
94
+ if (!this.USERNAME_REGEX.test(username)) {
95
+ throw new UsernameValidationError('Invalid username.');
96
+ }
97
+
98
+ // Check word length
99
+ if (username.split('-').some(word => word.length > this.MAX_WORD_LENGTH)) {
100
+ throw new UsernameValidationError('Invalid username.');
101
+ }
102
+
103
+ // Check reserved words
104
+ if (this.RESERVED_USERNAMES.includes(username.toLowerCase())) {
105
+ throw new UsernameValidationError('Invalid username.');
106
+ }
107
+
108
+ // Check bad words
109
+ if (this.BAD_WORDS.some(word => username.toLowerCase().includes(word))) {
110
+ throw new UsernameValidationError('Invalid username.');
111
+ }
112
+
113
+ // Check repetitive patterns
114
+ if (this.REPETITIVE_PATTERN.test(username)) {
115
+ throw new UsernameValidationError('Invalid username.');
116
+ }
117
+
118
+ // Check numeric sequences
119
+ if (this.NUMERIC_SEQUENCE.test(username)) {
120
+ throw new UsernameValidationError('Invalid username.');
121
+ }
122
+
123
+ // Check for links
124
+ const urlPattern = /https?:\/\/[^\s]+/;
125
+ if (urlPattern.test(username)) {
126
+ throw new UsernameValidationError('Invalid username.');
127
+ }
128
+ }
129
+ }
package/server/templates/reset-password-email.ts CHANGED
@@ -1,4 +1,4 @@
1
- export function getResetPasswordEmailForm({ name, resetUrl }) {
1
+ export function getResetPasswordEmailForm({ resetUrl }) {
2
2
  return `
3
3
  <html lang="en">
4
4
  <head>
@@ -29,9 +29,6 @@ export function getResetPasswordEmailForm({ name, resetUrl }) {
29
29
  src="http://www.hatiolab.com/assets/img/icon-mail.png"
30
30
  style="float:left;margin:0 10px 0 40px"
31
31
  />
32
- <span style="display:block;color:#fff;font-size:20px"
33
- >Hi ${name}!</span
34
- >
35
32
  <span style="display:block;color:#fff;font-size:34px;font-weight:bold"
36
33
  >Reset password</span
37
34
  >